How to beat menace of cyber crime ‘smishing’
Scammers growing ever more plausible
EVEN cybersecurity experts are not immune to an explosion of online crime in the Covid 19 pandemic. Graham Day – author of Security In The Digital World – and his family have been targeted at least three times by scammers in the lockdown. And it seems likely that lesssecurity conscious people would be hit even more than someone who takes the highest level of precautions.
Mr Day said he is alarmed as the ‘heightened level of sophistication exhibited’ in these attacks.
Recently, he was among thousands of people who received a text purporting to be from our national postal carrier demanding money before they released a parcel.
This is a new and sophisticated breed of fraudster. Gone are the misspelled missives from the widow of a Nigerian prince.
Today’s fraudsters send highly targeted and plausible word-perfect emails with convincing graphics that trigger a quick and thoughtless response from busy people.
The ‘An Post’ missive is short, business-like and targeted at people waiting for deliveries amid chaos caused by the lockdown online shopping boom and Britain’s chaotic departure from the EU.
‘Following on from Brexit, this is a scam which is likely to catch many people out,’ Mr Day said.
The scammers had picked the wrong guy. He easily spotted it as ‘smishing’ – the text version of phishing.
Phishing, involves casting bait via email in the hope of hooking unwary victims.
A second smishing attack on Mr Day involved a message saying his ‘BOI card was deactivated due to a transaction made on April 30. To reactivate the card I should visit www(dot)review365boi(dot)com to review the purchase’.
He spotted that the site was fake. But most people may not. ‘It was an almost exact replica.’
Both of these scam attempts on Mr Day were examples of ‘whale’ smishing, or phishing.
‘The term refers to the biggest net being cast in the hope of catching some victim. Whale phishing evolved from the “Nigerian Prince” (but is) purporting to be from a reputable organisation.’ Almost everyone who has had an email account for more than a decade has probably not only been hacked but had their details sold to criminals on the dark web, an alternative internet for criminal activities.
You can check how many times your email has been hacked and sold on the website haveIbeenpwned.com, which has details of more than nine billion hacked email accounts. I checked an old email address and found it has been hacked 13 times, changing hands among criminals on the dark web at least three times.
In January 2019, it was among 2.7 billion records of email accounts and passwords distributed on a hacking forum.
Recently, the personal details of over a billion Facebook and LinkedIn accounts were breached.
The lockdown has driven business online – and criminals are no exception.
Reported online crime rose by nearly half last year, latest garda figures show. Accountants PwC noted a doubling of online business fraud in 2020. Most people now working at home on laptops have far less protection than they do in IT-Department protected offices, creating a ‘perfect storm for fraud’, PwC said.
Apart from phishing, be wary that you don’t wander onto a fake website. This may look exactly like a trusted original they mimic but will capture your personal information or infiltrate your device with malicious software (malware).
You can sometimes spot fakes by the web address, which should be preceded by https:// in legitimate sites. The S in https:// stands for secure. This shows the site uses encryption to transfer data, offering some protection from hackers. ‘Also look for the digital padlock beside the address bar. The https:// may not be visible, but the closed digital padlock should be visible,’ advises Mr Day.
And don’t just glance at the name of the website – read it
carefully. The dodgiest ones pass a one-glance inspection.
‘A fake site pretending to be www.google.com could be something like www.go0gle. com or www.google.co.m,’ warns Mr Day. He helped us compile four lockdown scams to watch out for:
FRAUDULENT CHARITIES: Charities have lost out terribly during the pandemic from the lack of street collections. But to make things much worse, ruthless fraudsters have bombarded people with ‘fake charity’ requests to undermine confidence in giving online.
Check that a charity is real on the website https://www.charitiesregulator.ie/en.
JOB OFFERS: Another nasty scam targeting millions of people who have either lost their jobs or are at risk of doing so. The scammers know to target this at the hard-hit hospitality and entertainment sectors.
The ‘chicken egg’ scam, for example, will simply glean a person’s current role from their LinkedIn profile and add the word ‘position’ at the end to lure them to apply for a job, for example, ‘deputy manager position’. They will be asked to download a zip file containing malware that will infiltrate their computer.
BREXIT: Scams about Brexit will look for your payment card information to pay ‘customs tax’ on deliveries which are held back, pending payment. They will suggest a delivery will be returned unless payment is made immediately to create urgency.
VACCINES: You may be offered a vaccine for sale or told to attend a clinic and asked for personal details, via text, email or a phone call. The HSE has warned people not to give out personal details like bank or PPS numbers to unsolicited callers.